Threat Intelligence Report Investigating a Russian Video Game Publisher Supply Chain Compromise (English)
EclecticIQ Fusion Center analysts observed an influx of uploads to VirusTotal of an executable named "playblackdesert.exe", associated with the Russian release of Black Desert Online, a very popular South Korean massively multiplayer online role-playing game (MMORPG).
Report from the EclecticIQ Fusion Center dated Tuesday, 28 May 2019.
- Analysts observed many similarities between the binary labeled "playblackdesert.exe" and the TTPs historically attributed to the Winnti Group intrusion set.
- GameNet, the publisher of Black Desert Online in Russia, has allegedly been targeted by the Winnti Group in the past.
- Multiple other binaries distributed by GameNet have been flagged as malicious, pointing to a possible wider compromise.